Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

The war on talent in cybersecurity

5 May, 2017

By Koen Maris,
Chief Technology Officer – Cyber Security at Atos

IT talent is far too scarce in our contours and cybersecurity talent is even scarcer. Thus, companies are often in a war to attract these people. However, it often appears to be difficult to keep their white knights within the company. The traditional talent management approach is inadequate and there are a number of good reasons for that.

Hard skills detriment of soft skills

Many cybersecurity specialists are technically highly gifted, but sometimes have trouble communicating to the outside world about what they are doing. If there is no one who cares about this and who proposes the right track to keep these talents triggered and motivated, you’ll see them leave frustrated and discouraged after some time.

Promising a lot, while giving little

In the battle for talent, promises that prove untenable in practice are often made, such as the chance of training and to attend conferences like Defcon and Brucon. This may seem like a very banal reason to leave a business, but the hard reality is that most cybersecurity experts rarely choose a company because of the high wage.

Promising a lot, while giving little– part 2

“A fascinating job with lots of variety and career prospects.” The companies that write down these job descriptions really mean that they want to offer every employee a nice career path. But in reality it turns out that these experts are difficult to replace, meaning that the white knight often remains working on the same project in the same position.

Consultants come from Venus, ethical hackers from Mars

Most of the cyber security projects we currently do for customers require both the business skills of traditional consultants and the technical and analytical skills of security experts. Their work methods are opposite to each other, but that is of no importance to the customer, who wants to hear what the security issues are, but also how to solve them. Likewise, you need someone who can reconcile both and this is what often lacks within companies.

Consultants come from Venus, ethical hackers from Mars – part 2

Not only the work method of cybersecurity experts differs greatly from the business consultant, but the mentality and expectations of corporate culture are far apart as well. A company that focuses too much on the number of hours worked will soon have a problem with the ethical hackers. They want to be judged by their results, not by the amount of hours they have spent in the office. In addition, they have lacquer on hierarchy and outward appearance, so the business dress code that is used in the traditional consulting firms, for example, is not an attractive prospect.

Cyber security is a mindset, not a training

“No cybersecurity experts available? Then we’ll quickly re-educate some consultants from the bench!” In practice, it’s clear that you cannot just train cybersecurity experts. In particular ethical hacking is much more a mindset than the result of a decent training. Even “IT’ers” cannot simply be transformed into ethical hackers. A good “IT’er” learns to understand the logic and patterns of software and technology to make the best possible use of it. A good ethical hacker just does the reverse; with each infrastructure, the question arises: “How do I get this system disregarded?”. They have to question everything, and that’s something you can’t learn in a cybersecurity crash course.

More about Koen Maris:

LinkedIn | Twitter